Bootstrap
why dependency track consider bootstrap version 5.3.3 affected by CVE-2024-6484 ? #41343
Unanswered
fatmakhlif
asked this question in
Q&A
Replies: 1 comment
-
|
also CVE-2024-6531 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Regarding Depenedncy track tool bootstrap v 5.3.3 is affected. A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
Does version 5.3.4 comes with a fix ?
Beta Was this translation helpful? Give feedback.
All reactions